Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
Recent vulnerabilities and exploits
6.1
CVSSv3
CVE-2024-13422
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes i...
Suhas93 Seo Blogger To Wordpress Migration Using 301 Redirection
6.4
CVSSv3
CVE-2024-13389
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Cliptakes Cliptakes
NA
CVE-2025-23006
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated malicious user to execute ...
Sonicwall Sma1000
6.4
CVSSv3
CVE-2024-13340
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escap...
Realmag777 Mdtf – Meta Data And Taxonomies Filter
6.5
CVSSv3
CVE-2024-13236
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
Leogermani Tainacan
6.4
CVSSv3
CVE-2024-12504
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sa...
Videowhisper Broadcast Live Video – Live Streaming Html5, Webrtc, Hls, Rtsp, Rtmp
6.4
CVSSv3
CVE-2024-12118
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possib...
Theeventscalendar The Events Calendar
5.9
CVSSv4
CVE-2025-0648
Unexpected server crash in database driver in M-Files Server prior to 25.1.14445.5 allows a highly privileged malicious user to cause denial of service via configuration change.
M-files Corporation M-files Server
6.3
CVSSv4
CVE-2025-0635
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
M-files Corporation M-files Server
6.5
CVSSv3
CVE-2024-43708
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
Elastic Kibana
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-21298
jenkins project
CVE-2025-23811
server-side request forgery
jenkins bitbucket server integration plugin
CVE-2025-21210
CVE-2025-23882
bypass
muzaara google ads report
wordpress file search
CVE-2025-24397
mass assignment
CVE-2024-12477
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »